@newmichwill For those wondering what negative rates are 🤔, I think it works like this:
Positive rates: borrowers pay suppliers + protocol
Negative rates: suppliers + protocol pay borrowers
Owning your web3 security company in a bear market year sucks because audit volume is lower.
Yet, being laid off sucks so much more.
I've experienced both, and I'm so glad I can keep building my own things for myself and my own company while everything is quiet, but clients keep reaching out even if fewer.
I'm only hiring when demand is high. But feel free to reach out and stay in contact so I can add you to my pool of auditors I trust.
After the Zealynx Audit Grants program, which drew a large number of applicants, ends, I might need extra hands.
As always, happy to help with anything I can.
This Security Researcher has earned $1,714,402 hunting bugs.
22+ live critical vulnerabilities found, saving hundreds of millions of dollars from hacks.
Meet @__nnez
We asked him how he does it.
What is one practical bug bounty strategy that has helped you find better bugs?
"Choosing targets based purely on what excites me, either a cool new concept or a huge bounty. If a codebase kills my interest early on, it's impossible to dig deep enough to find critical bugs. I only hack on things that keep me hooked."
What habit, routine, or mindset has made you more consistent as a researcher?
"I let myself get bored. Bug bounty hunting generally rewards either incredible speed or deep uniqueness. Since speed isn't my strength, I focus on the creative side. Being comfortable with boredom is what actually triggers that creativity, giving my mind the space to connect dots and find the bugs that require a different perspective."
Can you share a memorable bug or win, and what helped you find it?
"I had found a logic bug primitive but couldn't figure out how to trigger it. After poking around the codebase for almost two weeks and thinking that I had exhausted everything, I just took my eyes off the code and went for a walk to a bar. On the way there, the idea popped into my head to test the sequential properties of a related function. It turned out to break at a very negative value, and I chained it with the primitive from a week ago to reach a critical impact."
What is one piece of advice you would give to a researcher trying to level up or land their first bounty?
"Log off X and go hunt :)"
I've been in crypto since 2013, and can say with certainty that this is the worst period for the industry in terms of number of teams closing shop, leaving, running out of money and cutting costs (we ourselves did that a couple of months ago).
Which makes me more hopeful than ever. With every past downturn we'd look around and say "the bright side is that some shit projects will finally get closed" but that hasn't happened. Till now.
I'm not saying that the projects that are closing shop aren't good. That's not the case. Some are amazing and I'm really sorry to see them struggle and close. But for the next summer to bloom, there will need to be cuts. This is good for the industry.
And where will the next wave of excitement come to crypto from? This is my thought and hope and what I'm working on.
It's not going to be AI.
It's not going to be Corpo stuff.
It's freedom of financial innovation. That's what I'm working on and believe in and am excited about.
What's your take?
Hi everyone,
I'm currently looking for a 100% remote job.
I have over 5 years of experience in DeFi (governance, risk management, treasury, growth) with companies like @aave (with @AaveChan), @Spiral_DAO, @Trevee_xyz, and @TelosConsilium.
I'm open to Web3 opportunities, as well as Web2 or fintech companies looking for a versatile profile with a good understanding of crypto and DeFi. I'm also open to learning a new role if the project is interesting.
If you have an opportunity or know someone who's hiring, feel free to contact me via private message.
Fixed-point tip from @Uniswap code review: when you invert a price by dividing a small constant by it, you throw away low bits before you even start. Use the largest safe numerator (near 2^256-1) for the reciprocal, then shift down. Same formula, more surviving precision.
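An added example that is not Uniswap's code: it models the tip above in Python, assuming the price is an unsigned Q128.128 fixed-point integer (price * 2**128) and that a quote is computed as amount * (1/price). Python ints are unbounded, so the products below would need a 512-bit mulDiv helper in Solidity; the functions, names and sample inputs are mine.

```python
"""Reciprocal of a fixed-point price: small numerator vs. the largest one that fits.

Added example (not Uniswap's code). Assumptions: the price is an unsigned
Q128.128 fixed-point integer (price * 2**128), and quotes are computed as
amount * (1/price). Python ints are unbounded, so the wide products below
would need a 512-bit mulDiv (a FullMath-style helper) in Solidity.
"""

UINT256_MAX = (1 << 256) - 1
PRICE_BITS = 128  # fractional bits of the Q128.128 price


def reciprocal_small_numerator(price_x128: int, out_bits: int = 64) -> int:
    """Naive: divide a 'small' constant by the price to get a Q(out_bits) reciprocal.

    Everything below 2**-out_bits is discarded in this one division, before
    the reciprocal is ever used.
    """
    return (1 << (PRICE_BITS + out_bits)) // price_x128


def reciprocal_full_numerator(price_x128: int) -> int:
    """Divide the largest value a uint256 can hold by the price.

    (2**256 - 1) // price is within one unit of 2**256 / price, i.e. a
    Q128.128 reciprocal carrying 128 fractional bits. Shift down *after*
    using it, not before.
    """
    return UINT256_MAX // price_x128


def quote_small_numerator(amount: int, price_x128: int, out_bits: int = 64) -> int:
    """amount / price using the low-precision reciprocal (error ~ amount * 2**-out_bits)."""
    inv = reciprocal_small_numerator(price_x128, out_bits)
    return (amount * inv) >> out_bits


def quote_full_numerator(amount: int, price_x128: int) -> int:
    """amount / price using the full-width reciprocal, shifted down at the end."""
    inv = reciprocal_full_numerator(price_x128)
    return (amount * inv) >> PRICE_BITS  # Solidity: mulDiv(amount, inv, 2**128)


def quote_exact(amount: int, price_x128: int) -> int:
    """Reference: floor(amount / price) computed with a single wide division."""
    return (amount << PRICE_BITS) // price_x128


def precision_report(amount: int, price_x128: int) -> dict:
    """How far each method lands from the exact floor, in output units."""
    exact = quote_exact(amount, price_x128)
    return {
        "exact": exact,
        "small_numerator_error": exact - quote_small_numerator(amount, price_x128),
        "full_numerator_error": exact - quote_full_numerator(amount, price_x128),
    }


if __name__ == "__main__":
    # Constructed inputs: price 1.5 as Q128.128 and a 1e30-unit input amount.
    price = 3 * (1 << 127)
    amount = 10**30
    for key, value in precision_report(amount, price).items():
        print(f"{key}: {value}")
```

With the constructed inputs the small-numerator quote is short by tens of billions of output units (a relative error near 2**-64 that scales with the amount), while the full-numerator quote matches the exact floor; in general it is within one unit of it.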
Midnight morpho's math to calculate credit after slashing is the same math used in the Liquity stability pool.
Midnight code:
https://t.co/1f9dkL1cBS
Liquity stability pool math:
https://t.co/tIeNlsLN7X
Actually, much larger versions of this were seen in the 2022 Terra/FTX collapse.
For example: on the market, 1 stETH = 0.94 ETH.
Arbitrageurs accumulated cheap stETH.
Once withdrawals opened, they redeemed 1:1 for ETH.
Within months, some people earned returns of around 5–8% that could be considered almost risk-free.
In today's market, however, a gap at the 0.001 ETH ($1.7) level usually disappears before it reaches the user, because of competition among arbitrage bots.
1. Swap 100 ETH for 100.001 stETH
2. Queue a withdrawal on LIDO (stETH to ETH)
3. Receive 100.001 ETH in 2 days
Net profit:
$1676/ETH * 0.001 ETH - gas = $1.676 - gas 💀
This 2016 Reddit post by Vitalik gave the core idea for Uniswap:
'Let's run on-chain decentralized exchanges the way we run prediction markets'.
Hayden then built it, and DEXs became core infra of DeFi, where price discovery happens, LPs farm, and people can trade without KYC.
What if the new idea by Vitalik becomes a new Uniswap? Or in this case Aave?
He proposes DeFi without liquidations, built on options instead of debt.
How it works in practice:
Today on Aave you deposit 1 ETH at $1.5k and borrow $1k USDC.
If ETH dumps too much (likely lol), a bot sells your ETH with a penalty.
The whole system depends on real-time oracles being correct every second. Late liquidations incur bad debt.
In Vitalik's design your 1 ETH splits into two tokens: a 'stable dollars' token and an 'ETH upside' token.
- Borrowing: sell the stable token for cash, keep the upside token.
If ETH dumps you just lose the upside. No liquidation bot and no penalty.
- Stablecoin: hold the stable token.
Worst case it slowly turns back into ETH rather than depegging overnight.
- Leverage: buy the upside token. Max loss is what you paid and you can't get liquidated.
It works like buying a call option: you pay once upfront, that payment is the most you can ever lose, and a temporary price wick can't liquidate you since only the price at expiry counts.
The two tokens always add up to 1 ETH, so the protocol can't end up with bad debt.
And the price oracle is only checked once at expiry so slow prediction-market style oracles are enough, no real time price feeds.
Since positions expire you have to roll them. But this creates new DeFi products like Pendle-ish vaults that automate the rolling for a fee.
This design removes cascading liquidations from DeFi lending.
Gotta keep an eye on it.
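An added example, not code from the proposal or the post: it works the expiry settlement described above through in Python, assuming one unit of ETH collateral is split into a stable-dollar token with a face value of `face_usd` and an upside token, that at expiry the stable token is paid `face_usd` worth of ETH capped at the collateral, and that the upside token receives the remainder. The debt-style comparison uses the post's 1 ETH / $1k numbers; the function names and scenario prices are mine.

```python
"""Expiry settlement of the 'options instead of debt' split, as an added example.

Not code from the proposal. Assumptions: `collateral_eth` is split into a
stable-dollar token with face value `face_usd` and an upside token; at expiry
the stable token is paid `face_usd` worth of ETH (capped at the collateral)
and the upside token gets whatever is left. Only the expiry price is used,
so an intra-period wick never changes the outcome.
"""
from fractions import Fraction


def settle(face_usd, expiry_price_usd, collateral_eth=1):
    """ETH paid to (stable token, upside token) at expiry.

    The stable token can never claim more than the collateral, so the two
    payouts always sum to exactly `collateral_eth`.
    """
    face, price, coll = Fraction(face_usd), Fraction(expiry_price_usd), Fraction(collateral_eth)
    stable_eth = min(face / price, coll)  # 'stable dollars', turning into ETH when price < face
    upside_eth = coll - stable_eth        # remainder, worth max(0, coll*price - face) dollars
    return stable_eth, upside_eth


def usd_value(eth, price_usd):
    """Dollar value of an ETH amount at a given price."""
    return Fraction(eth) * Fraction(price_usd)


def call_payoff_usd(strike_usd, price_usd, qty_eth=1):
    """Expiry payoff of a call on `qty_eth` ETH struck at `strike_usd`."""
    return max(Fraction(qty_eth) * Fraction(price_usd) - Fraction(strike_usd), Fraction(0))


def debt_shortfall_usd(debt_usd, price_usd, collateral_eth=1):
    """Debt-style position liquidated only at `price_usd` (a 'late' liquidation):
    whatever the collateral no longer covers is bad debt for the protocol."""
    return max(Fraction(debt_usd) - usd_value(collateral_eth, price_usd), Fraction(0))


def compare(face_usd, expiry_price_usd, collateral_eth=1):
    """Side-by-side view of both designs at one expiry price."""
    stable_eth, upside_eth = settle(face_usd, expiry_price_usd, collateral_eth)
    upside_usd = usd_value(upside_eth, expiry_price_usd)
    return {
        "stable_usd": usd_value(stable_eth, expiry_price_usd),
        "upside_usd": upside_usd,
        # the upside token replicates a call struck at the stable token's face value
        "upside_is_call": upside_usd == call_payoff_usd(face_usd, expiry_price_usd, collateral_eth),
        # a $1k loan against 1 ETH liquidated late is under water below $1k/ETH
        "debt_model_bad_debt_usd": debt_shortfall_usd(face_usd, expiry_price_usd, collateral_eth),
        # the split never pays out more ETH than was deposited
        "option_model_unbacked_eth": Fraction(collateral_eth) - stable_eth - upside_eth,
    }


if __name__ == "__main__":
    # Constructed scenarios: deposit 1 ETH at $1.5k, stable face value $1k,
    # then settle at an unchanged, a crashed and a rallied expiry price.
    for expiry_price in (1500, 900, 4000):
        print(expiry_price, {k: str(v) for k, v in compare(1000, expiry_price).items()})
```

At $900 the stable token simply becomes the whole ETH (worth $900, below its face value) and the upside token expires worthless, whereas the debt model carries a $100 shortfall; at $4000 the upside token is worth $3000, exactly the payoff of a $1000-strike call.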
@0xpinkman @cantinasecurity There is no way to tell if the audit report was delayed or copied from SR findings.
At best they are wasting every SR's effort and time.
Bad practices should be called out so that SRs can reconsider which contests to participate in.
This Security Researcher has earned $3,612,409 hunting bugs on Immunefi.
32+ live critical vulnerabilities found, saving hundreds of millions of dollars from hacks.
Meet @lonelysloth_sec, ranked Top 5 all-time on @Immunefi.
We asked him how he does it.
One practical bug bounty strategy that has helped him find better bugs: "Protocols share a lot of code. When you find a bug that isn't exploitable, take some time to check if the same bug doesn't show up in other protocols where it might be. Study families of protocols, compare their code. Things are getting more and more interconnected."
The habit, routine, or mindset that has made him more consistent as a researcher: "Curiosity. I don't rest until I understand every part of the system. Even if I end up not finding a bug, I want to understand it."
A memorable bug or win, and what helped him find it: "I have quite a few public disclosures, but for one project between '24 and '25 I got paid for 9 critical bugs. I spent months getting to know every last detail of their (very large) code base. More than a breakthrough it was about persistence in one target, learning everything about it, and using everything I knew on it. They weren't the highest paying bugs I found, but I'm very proud of that achievement. I still find bugs in that project."
His advice to a researcher trying to level up or land their first bounty: "Find motivation in the journey, because it's a long one. Enjoy understanding something that previously was mysterious to you, the feeling of knowledge accumulating. It compounds and will eventually lead to your bounties. Keep trying -- you need to give luck a chance to find you."
Review of the 63/64 gas rule in the EVM
An easy summary to remember, although slightly inaccurate, is that a naive gas refund mechanism can overpay the caller by about 1/64 of the gas sent.
Code
https://t.co/T4wdZ8QEgK
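An added example, not the code the post links: a Python model of EIP-150's "all but one 64th" rule, showing how much gas a callee can actually receive, how much a caller must hold to guarantee a requested amount, and where the roughly 1/64 overpayment in the summary above comes from. It ignores the CALL's own base cost and stipend, and the "naive refund" is a constructed scheme that reimburses the caller for the gas it asked to forward rather than for what the callee could receive; all names are mine.

```python
"""EIP-150's 'all but one 64th' rule, modelled in Python as an added example.

Not the code the post links. Assumptions: `available` is the caller's gas at
the moment of the CALL (the call's own base cost and stipend are ignored), and
the 'naive refund' reimburses the caller for the gas it *asked* to forward,
not for what the callee could actually receive.
"""


def callee_gas(available: int, requested: int) -> int:
    """Gas the callee receives: the request is capped at available - available // 64."""
    return min(requested, available - available // 64)


def min_available_for(requested: int) -> int:
    """Least gas the caller must hold so the callee really gets `requested`
    (ceil(requested * 64 / 63)); holding exactly `requested` is not enough."""
    return -(-requested * 64 // 63)


def gas_at_depth(initial: int, depth: int) -> int:
    """Gas left for a frame `depth` calls deep when every frame forwards all it can.

    Each hop keeps 1/64, so after 64 hops roughly e**-1 of the gas remains:
    the rule is what makes deep call chains run dry on their own.
    """
    gas = initial
    for _ in range(depth):
        gas = callee_gas(gas, gas)
    return gas


def naive_refund_overpayment(available: int, requested: int) -> int:
    """Gas the naive scheme reimburses although the caller never handed it over.

    Worst case is requested == available: the callee gets only 63/64 of it,
    the caller keeps available // 64, and is refunded for all of it anyway.
    """
    return requested - callee_gas(available, requested)


if __name__ == "__main__":
    print(callee_gas(1_000_000, 1_000_000))                # 984375
    print(naive_refund_overpayment(1_000_000, 1_000_000))  # 15625
    print(min_available_for(1_000_000))                    # 1015874
    print(gas_at_depth(1_000_000, 64))
```

A refund or accounting scheme that wants to be exact therefore has to bill on what the callee could receive, or require the caller to hold at least `min_available_for(requested)` before the call so the cap never binds.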
Been wanting this to exist for a while, so I built it.
ProofOfRep, a reputation board for bug bounty programs and contests.
Report your unfair or dishonest experiences, with proof, and I'll manually review everything.
Hope it helps SRs focus on projects that actually take security seriously.
Still early. Let me know if this sucks or if it's useful. All feedback welcome.
https://t.co/AfBU7vCwmA